- From: SULLIVAN, BRYAN L <bs3131@att.com>
- Date: Wed, 3 Apr 2013 20:36:36 +0000
- To: Jonas Sicking <jonas@sicking.cc>, Janusz Majnert <j.majnert@samsung.com>
- CC: "public-sysapps@w3.org" <public-sysapps@w3.org>
> > There are several ideas in this thread that make using cross-origin > communication easier. I just don't see the advantage of packaged web app > sharing origin with some arbitrary site, for example when compared to using > WARP. Something like a WARP based solution requires signing by a trusted party. This has at least the following downsides * You can't distribute your app without going through a set of gate-keepers. And we're trying to avoid building a platform with gate-keepers. * Whoever does the signing can make mistakes. I.e. it's it's very hard to find a cleverly written program that looks harmless, but that actually steals the user's information. <bryan> WARP does not require signing. All it requires is that the UA / app manager provide a means for the user to be informed about what sites are requested under the access rules, and to either approve that access or not. WARP works fine for unsigned apps.
Received on Wednesday, 3 April 2013 20:37:38 UTC